Last updated: October 30, 2025
Effective date: November 1, 2025
Version: 1.0

Table of Contents

1. The Meaning of the Privacy Policy
2. The Items of Personal Information Collected and Methods of Collection
3. The Purposes of Collection and Use of Personal Information
4. The Period of Retention and Use of Personal Information
5. The Provision of Personal Information to Third Parties
6. The Subcontracting of Personal Information Processing
7. The Procedures and Methods of Destruction of Personal Information
8. The Rights, Obligations and Methods of Exercise of the Information Subject
9. The Security Assurance Measures of Personal Information
10. The Installation, Operation and Rejection of the Automatic Personal Information Collection Device
11. The Privacy Protection Responsible Person
12. The Processing of Personal Information Transferred Overseas
13. The Change of the Privacy Policy

1. The Meaning of the Privacy Policy

deltai Technologies Inc. (hereinafter "the Company") establishes and publishes the privacy policy in accordance with related laws such as the "Personal Information Protection Act", "Information and Communications Network Promotion and Information Protection Act", etc., for the purpose of protecting users' personal information and promptly and properly handling complaints related thereto.

This privacy policy applies to the deltai service (hereinafter "the Service") provided by the Company and includes the following contents:

• The items of personal information collected by the Company and methods of collection
• The purposes of collection and use of personal information
• The period of retention and use of personal information
• The provision to third parties and subcontracting of personal information processing
• The rights, obligations and methods of exercise of the information subject
• The procedures and methods of destruction of personal information
• The security assurance measures of personal information
• The privacy protection responsible person and information of contact for the responsible person

2. The Items of Personal Information Collected and Methods of Collection

2.1 The Items of Personal Information Collected

The Company collects the following personal information to provide services:

Mandatory Collection Items

At the time of member registration

• Email address (Account ID)
• Password (stored encrypted)
• Name or nickname

When using paid services

• Credit card information (card number, expiration date, CVC are processed by the payment agency and the Company does not store them)
• Payment history and transaction information
• Email address for bill receipt

When using enterprise account (Agent Enterprise)

• Company name
• Business registration number
• Information of the person in charge (name, email, contact)
• Address for bill issuance

Optional Collection Items

• Profile picture
• Mobile phone number (for two-factor authentication, SMS notification reception)
• Information on fields of interest and occupation
• Social media account linkage information (Google, GitHub, etc.)

Automatic Collection Items

Information automatically collected during the service utilization process

• IP address
• Cookie and session information
• Service utilization record
• Access log
• Access time and device information
• Browser type and OS information
• AI model usage history and credit consumption history
• Agent creation and execution log

2.2 Methods of Collection

The Company collects personal information through the following methods:

• Direct input by the user during member registration and service utilization process
• Collection through email, phone, chat, etc., during the consultation process with the customer center
• Provided by partners (OAuth login with Google, GitHub, etc.)
• Automatic collection through generated information collection tools

3. The Purposes of Collection and Use of Personal Information

The Company utilizes the collected personal information for the following purposes:

3.1 Member Management

• Provision of membership services
• Identity confirmation and personal identification
• Maintenance and management of member qualification
• Prevention of improper service utilization
• General notices and communications
• Complaint processing
• Preservation of records for dispute mediation

3.2 Service Provision

• AI agent platform service provision
• Credit-based AI model utilization service
• Project and workspace management
• Ontology learning and agent training
• MCP tool integration and execution
• Content provision
• Provision of personalized services
• Service utilization statistical analysis

3.3 Contract Fulfillment and Fee Settlement

• Payment and settlement for paid service utilization
• Purchase and payment
• Bill sending
• Fee collection
• Refund processing

3.4 Marketing and Advertising Utilization

• Development and specialization of new services (products)
• Sending of advertising information such as events
• Provision of services and advertisement posting according to demographic characteristics
• Confirmation of service validity
• Statistics of member service utilization or access frequency

3.5 Customer Support

• Customer inquiry response
• Technical support provision
• Service improvement and development
• Collection and analysis of user feedback

4. The Period of Retention and Use of Personal Information

4.1 Principle

The Company retains the user's personal information until the purpose of collection·use is achieved, and destroys it without delay after the purpose is achieved, but retains during the corresponding period in the following cases:

4.2 At the Time of Member Withdrawal

• Principle of immediate destruction of personal information at the time of member withdrawal
• However, retains during the specified period in the following cases:

Retention of information according to internal policy

• Prevention of improper utilization: 1 year
• Record of improper service utilization: 3 years

Retention of information according to related laws

「Act on Consumer Protection in Electronic Commerce, Etc.」

• Records related to contracts or cancellation of offers: 5 years
• Records related to payment and supply of goods, etc.: 5 years
• Records related to consumer complaints or disputes: 3 years
• Records related to indications·advertising: 6 months

「Protection of Communications Secrets Act」

• Personal information related to service utilization (log records, access location tracking data): 3 months

「Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.」

• Records related to identity confirmation: 6 months

4.3 Processing of Long-term Unused Accounts

• Personal information of users who have not used the service for more than 1 year is separately separated and stored
• Pre-notification by email 30 days before separation and storage
• Separation and storage period: 4 years
• Automatic destruction after 4 years

5. The Provision of Personal Information to Third Parties

5.1 Principle

The Company does not provide the user's personal information to third parties in principle, but makes exceptions in the following cases:

• When the user has consented in advance
• When there is a request from an investigative agency according to legal regulations or the procedure and method determined by law for investigation purposes

5.2 Current Status of Provision to Third Parties

Payment Processing Service

• Recipient: Stripe, Inc. (or other payment processing agency)
• Purpose of provision: Payment processing and transaction authentication
• Items provided: Payment information (card information is not provided directly, but processed through tokenization)
• Period of retention and use: 5 years after the end of transaction (Electronic Commerce Act)

Cloud Service

• Recipient: Amazon Web Services, Inc.
• Purpose of provision: Service infrastructure provision and data storage
• Items provided: All data generated during the service utilization process
• Period of retention and use: Until member withdrawal or termination of subcontract agreement

Customer Support Service

• Recipient: Zendesk, Inc. (or other customer support platform)
• Purpose of provision: Customer inquiry processing and technical support
• Items provided: Name, email, inquiry content
• Period of retention and use: 3 years after completion of inquiry processing

6. The Subcontracting of Personal Information Processing

6.1 Principle

The Company may subcontract part of the work necessary to provide services to external companies, and administers and supervises that the subcontracted companies process personal information safely in accordance with the "Personal Information Protection Act".

6.2 Subcontracted Work Contents

The Company currently subcontracts personal information processing as follows:

6.3 Matters to Comply with When Concluding Subcontract Agreement

The Company clearly specifies the following matters in the document when concluding subcontract agreements, and administers so that the subcontractors comply:

• Prohibition of use beyond the purpose of personal information processing
• Obligation of technical·administrative protection measures
• Restriction on subcontracting
• Management and supervision of subcontractors
• Matters related to liability for damages and compensation, etc.

7. The Procedures and Methods of Destruction of Personal Information

7.1 Procedures of Destruction

The Company destroys the corresponding personal information without delay when the personal information retention period has elapsed, the processing purpose has been achieved, etc., and the personal information becomes unnecessary.

Destruction procedures:

1. The information entered by the user is moved to a separate DB after achieving the purpose, and is stored for a certain period according to internal policy and related laws, then destroyed.
2. The personal information moved to a separate DB is not used for other purposes except cases determined by law.

7.2 Methods of Destruction

Information in electronic file form

• Complete deletion using technical methods that make recovery and reproduction impossible
• Deletion and initialization of database
• Disposal of encryption keys

Personal information printed on paper

• Destruction by shredding with shredder or incineration
• Safe disposal through specialized waste disposal companies

7.3 Timing of Destruction

When the personal information retention period has elapsed

• Within 5 days after the end date of the retention period

When it becomes unnecessary due to achievement of personal information processing purpose, etc.

• Within 5 days after the date of achievement of the processing purpose

8. The Rights, Obligations and Methods of Exercise of the Information Subject

8.1 The Rights of the Information Subject

The user, as the personal information subject, may exercise the following rights:

1. Request for access to personal information
   May access their personal information retained by the Company.
2. Request for correction·deletion of personal information
   May request correction or deletion of incorrect personal information.
   However, may not request deletion when personal information is clearly designated as collection object in other laws.
3. Request for suspension of processing of personal information
   May request suspension of processing of personal information.
   However, the request for suspension of processing may be rejected in the following cases:
   • When there is a special legal provision or it is inevitable to comply with legal obligations
   • When there is concern of harming others' life·body, or unjustly infringing others' property and other interests
4. Withdrawal of consent (member withdrawal)
   May withdraw consent for collection·use or provision of personal information.

8.2 Methods of Exercise of Rights

The exercise of rights of the information subject may be performed through the following methods:

1) Settings menu within the service

• Account settings → Personal information management
• Possibility of direct access, modification, deletion

2) Requests through written documents, telephone, email, etc.

• Email: privacy@deltai.chat
• Telephone: 1-800-DELTAI
• Mail: [Company address]

3) Exercise of rights through a representative

• May be done by legal representative or authorized person
• Necessary to submit power of attorney and identity confirmation documents

8.3 Company's Measures Regarding Exercise of Rights

The Company shall notify the results of processing within 10 days from the date of receipt of the request for exercise of rights of the information subject.

8.4 Obligations of the Information Subject

The user has the obligation to protect their personal information, and the Company is not responsible for problems arising due to leakage of personal information such as email, password, etc., without fault of the Company.

The user must maintain their personal information in the most current state, and the responsibility for problems arising due to entry of inaccurate information rests with the user themselves.

9. The Security Assurance Measures of Personal Information

The Company takes the following technical·administrative·physical measures necessary to ensure security in accordance with Article 29 of the "Personal Information Protection Act":

9.1 Technical Measures

1. Encryption of personal information
   • Users' passwords are encrypted and stored and managed
   • SSL/TLS encryption applied when transmitting important data
   • Database encryption applied
2. Technical measures against hacking, etc.
   • Installation of security programs to prevent leakage and damage of personal information due to hacking or computer viruses
   • Periodic updates and inspections
   • Installation of systems in areas controlled against external access
   • Technical/physical monitoring and blocking
3. Preservation and prevention of alteration of access records
   • Preservation of access records to the personal information processing system for at least 1 year
   • Use of security functions to prevent access records from being altered and stolen, lost

9.2 Administrative Measures

1. Establishment and implementation of internal management plan
   • Establishment and implementation of internal management plan for personal information protection
2. Minimization and education of personal information handlers
   • Personal information handlers limited to minimum
   • Periodic education conducted for handlers
3. Management of personal information access permissions
   • Granting, changing, deletion of access permissions to database systems processing personal information
   • Monitoring to prevent permission abuse

9.3 Physical Measures

1. Safe storage of personal information
   • Storage of documents, auxiliary storage media, etc., containing personal information in safe places with locks
2. Access control of unauthorized persons
   • Establishment and operation of access control procedures separately for physical storage places retaining personal information

10. The Installation, Operation and Rejection of the Automatic Personal Information Collection Device

10.1 Purpose of Use of Cookies

The Company uses cookies for the following purposes:

• Analysis of users' access frequency or visit time
• Understanding of users' preferences and fields of interest
• Utilization as an indicator of service improvement
• Maintenance of login session

10.2 Installation, Operation and Rejection of Cookies

Method of rejecting cookie settings:

1. Rejection through web browser settings
   • Internet Explorer: Tools → Internet Options → Privacy → Advanced
   • Chrome: Settings → Advanced → Privacy and Security → Site Settings → Cookies
   • Safari: Preferences → Privacy → Cookies and Website Data
   • Firefox: Options → Privacy & Security → Tracking Protection and Cookies
2. Impact when rejecting cookie storage
   • When rejecting cookie storage, there may be difficulties in utilizing services that require login.

10.3 Other Automatic Collection Information

The Company may automatically collect the following information for service improvement and security purposes:

• IP address
• Visit date and time
• Service utilization record
• Improper utilization record

11. The Privacy Protection Responsible Person

The Company designates the privacy protection responsible person as follows to take total responsibility for personal information processing and process dissatisfactions and damage remedies related to the information subject.

11.1 Privacy Protection Responsible Person

11.2 Privacy Protection Responsible Department

11.4 Method of Remedy for Rights Infringement

The user may request dispute resolution or consultation from the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc., to obtain remedy for damages caused by personal information infringements.

Personal Information Infringement Report Center

• Telephone: (area code not required) 118
• Website: https://privacy.kisa.or.kr

Personal Information Dispute Mediation Committee

• Telephone: (area code not required) 1833-6972
• Website: https://www.kopico.go.kr

Supreme Prosecutors' Office Cyber Crime Investigation Department

• Telephone: 02-3480-3573
• Website: https://www.spo.go.kr

National Police Agency Cyber Security Bureau

• Telephone: (area code not required) 182
• Website: https://cyberbureau.police.go.kr

12. The Processing of Personal Information Transferred Overseas

12.1 Current Status of Overseas Transfer

The Company transfers the user's personal information overseas as follows to provide services:

Cloud Service (AWS)

• Items of personal information transferred: All personal information collected during the service utilization process
• Country to which transferred: United States
• Date and method of transfer: Transmission through network at the time of service utilization
• Purpose of use of transfer recipient: Cloud service provision and data storage
• Period of retention and use: Until member withdrawal or termination of subcontract agreement

12.2 Security Assurance Measures When Transferring Overseas

The Company takes the following security assurance measures when transferring personal information overseas:

• Selection of companies that have obtained international certifications related to personal information protection (ISO 27001, etc.)
• Celebration of Standard Contractual Clauses (SCC)
• Implementation of security assurance measures such as encryption
• Conducting periodic security audits

13. The Change of the Privacy Policy

13.1 Notice When Changing

This privacy policy applies from the effective date, and when there is addition, deletion or correction of change content due to laws and guidelines, notice shall be given through matter announcements 7 days before the effective date of the change.

However, when there are significant changes in user rights, notice shall be given at least 30 days in advance and individual notification shall be made by email.

13.2 Change History

• Version 1.0 (Effective November 1, 2025): First establishment

13.3 Confirmation of Previous Versions

Previous versions of the privacy policy can be confirmed on the company website (https://www.deltai.chat/policy/privacy).

Addendum

Article 1 (Effective Date)
This privacy policy becomes effective on November 1, 2025.

Article 2 (Reference Matters)

• Service Terms of Use: https://www.deltai.chat/policy/service
• Refund and Fraud Prevention Policy: https://www.deltai.chat/policy/refund
• Pricing Policy: https://www.deltai.chat (Prices and policies may change, please refer to the main page)

© 2025 deltai Technologies Inc. All rights reserved.